U.S. Developments

Regulatory Updates

SEC Chairman Clayton Explains that an Asset Can Lose Its Status of Being Labeled a Security

U.S. Securities and Exchange Commission (“SEC”) Chairman Jay Clayton appears to have confirmed SEC-staff analysis of the classification of decentralized digital assets.  Last year, SEC Director of Corporation Finance William Hinman said during a speech that decentralization impacts the classification of digital assets and that, by way of example, Ethereum did not exhibit the properties of a security. Congressman Ted Budd, along with the industry advocacy group Coin Center, wrote a letter to Chairman Clayton asking for clarification on whether the Chairman agreed. 

In Chairman Clayton’s response to the letter, he agrees with Director Hinman’s explanation that “the analysis of whether a digital asset is offered or sold as a security is not static and does not strictly inhere to the instrument.”  The Chairman goes on to explain that if “purchasers would no longer reasonably expect a person or group to carry out the essential managerial or entrepreneurial efforts . . . the digital asset may not represent an investment contract under the Howey framework.”

CFTC’s Nearly $1 million Consent Order Against 1pool Ltd.

The Commodity Futures Trading Commission (“CFTC”) entered a Consent Order (“Order”) resolving a CFTC action against 1pool Ltd., a limited liability company located in the Marshall Islands, and its Chief Executive Officer and owner, Patrick Brunner.  The defendants were alleged to have violated multiple laws in their operation of an online trading platform, www.1broker.com, that offered customers retail commodity transactions, among other products.  In total, the defendants are paying $990,000 in resolution of the CFTC action.  The defendants were subject to a civil monetary penalty and disgorgement of gains and were required to pay all known U.S. customers the bitcoin amount held by the defendants in U.S. customers’ accounts via the online trading platform.

According to the CFTC, the defendants violated laws through the trading platform by illegally offering retail commodity transactions that were margined in bitcoin, failing to register as a futures commission merchant with the CFTC, and failing to meet supervisory duties by not implementing adequate anti-money laundering procedures.  Notably, the CFTC viewed Brunner, as the developer of the trading platform and 1pool Ltd.’s chief executive officer, sole shareholder and beneficial owner, as having the requisite degree of control, whether direct or indirect, over the platform’s operations and its accessibility by U.S. persons to justify a finding that Brunner should also be personally liable for the violations.

In reference to the Order, James McDonald, the CFTC Director of Enforcement, stated: “Intermediaries should take notice that they will be held accountable by the CFTC for failing to comply with registration requirements and failing to implement policies and procedures that are crucial in protecting U.S. customers and our markets.  Through the Division’s Bank Secrecy Task Force, Enforcement will continue to investigate and prosecute such violations.”

A copy of the Order can be found here.

SEC Welcomes Public Input on Non-DVP Custodial Practices and Digital Assets: Investment Advisers Act of 1940: Rule 206(4)-2

Back in February 2017, the SEC Division of Investment Management (the “Division”) issued Guidance Update 2017-01, which discussed the Custody Rule under the Investment Advisers Act of 1940 (“Advisers Act”).  Since the issuance of that Guidance Update, investment advisers and other market participants have raised issues regarding the regulatory status of investment adviser and custodial trading practices that are not processed or settled on a delivery versus payment (“Non-DVP”) basis, which is explained in more detail below.  The Division is now welcoming engagement from advisers, other market participants, and the public on such issues and on the applicability of the Custody Rule to digital assets.

The Custody Rule is a key investor protection under the Advisers Act that prohibits an investment adviser that is registered or required to be registered under the Advisers Act to have “custody” of client funds or securities unless such funds are maintained in accordance with the requirements of the Custody Rule.  “Custody,” per the Advisers Act, includes “[a]ny arrangement (including a general power of attorney) under which [an investment adviser is] authorized or permitted to withdraw client funds or securities maintained with a custodian upon [the investment adviser’s] instruction to the custodian.”  Authority over and access to client securities and funds fall within the definition of custody as well.

The Division has explained that the Custody Rule does not apply to authorized trading because clients’ custodians are generally under instructions to transfer funds (or securities) out of a client’s account only upon corresponding transfer of securities (or funds) into the account.  The Division finds that this “‘delivery versus payment’ arrangement minimizes the risk that an [investment] adviser could withdraw or misappropriate the funds or securities in its client’s custodial account.”

However, concern about the risks of misappropriation inherent in Non-DVP arrangements still exists.  Where trading or settlement payment precedes delivery, there is a heightened risk that an investment adviser could misappropriate funds or securities in its client’s custodial account.  In alignment with such concern, the Division has noted that even a moment’s custody of client assets puts those assets at risk of misuse or loss.  As the digital currency sector expands, this concern has become pervasive.

Apart from the Custody Rule, investment advisers have an obligation to safeguard clients’ assets, and registered investment advisers, specifically, have an obligation to review internal controls to reduce the risk of misappropriation or loss per Rule 206(4)-7 of the Advisers Act.  Nonetheless, the Division welcomes engagement from advisers, other market participants, and the public on policy recommendations to better protect assets via the Advisers Act and especially the Custody Rule.

Industry Updates

Mark Karpeles Verdict

The Tokyo District Court has found Mark Karpeles, the former CEO of one of the largest bitcoin exchanges at the time, guilty of tampering with exchange data related to Mt. Gox.  The court, however, rejected charges of embezzlement and breach of trust despite allegations that Karpeles misappropriated about $3 million of customers’ funds for his own personal use.  The court rejected these charges because it concluded that Karpeles had acted without ill intent.

In December 2018 Japanese prosecutors were seeking a 10-year jail sentence.  Instead, Karpeles was handed a suspended sentence of two years and six months.  He must maintain a good record over the next four years to avoid jail time.

State Updates

Texas Proposes Bill that Would Require the Disclosure of the True Identities of Parties in Cryptocurrency Transactions: H.B. No. 4371.

If enacted, Texas House Bill Number 4371 (“H.B. No. 4371”) will require Texas citizens involved in digital currency transactions to verify the identity of the opposing party to the digital currency transaction.  The bill also bans the State of Texas from using digital currency that is not a verified identity digital currency.  A “verified identity digital currency” is a digital currency that allows the true identities of the sender and receiver to be known before a person has access to another person’s digital wallet.

The bill does not appear to require that persons retain the identity information that they are forced to “verify,” nor does it say that this identity information shall be available to law enforcement without a warrant.  H.B. No. 4371 has attracted an abundance of criticism because many critics find the proposed language to be confusing and a clear indicia of a misunderstanding of the fundamentals of cryptocurrency and the mechanics of a cryptocurrency transaction.

The bill has not been voted on, but if passed, the bill will take effect later this year: September 1, 2019.

Colorado Provides a State-Licensing Exemption in “Colorado Digital Token Act” for Cryptocurrency Created for a “Consumptive Purpose”

Colorado’s Senate Bill 19-023 (the “Colorado Digital Token Act”) has passed and is set to take effect on August 2, 2019.

The Colorado Digital Token Act fortifies Colorado’s status as a cryptocurrency-friendly state.  The bill directly acknowledges the importance of cryptocurrency as well as the constricting regulatory regime of the space.  The bill furthermore establishes Colorado as a breeding ground for cryptocurrency businesses by providing a licensing exemption for a person engaged in the business of effecting or attempting to effect the purchase, sale, or transfer of a digital token if the token was created for a “consumptive purpose.”  A “consumptive purpose” includes “to provide or receive goods, services, or content, including access to goods, services, or content.”

The Colorado Digital Token Act declares that its enactment “will enable Colorado businesses that use cryptoeconomic systems to obtain growth capital to help grow and expand their businesses, thereby promoting the formation and growth of local companies and the accompanying job creation and helping make Colorado a hub for companies that are building new forms of decentralized ‘Web 3.0’ platforms and applications.”


International Developments

Amendment to Cayman Islands’ Proceeds of Crime Law (2019 Revision) Expands Regulatory and Reporting Obligations

The Cayman Islands Proceeds of Crime (Amendment) Bill, 2019 would amend the Proceeds of Crime Law (2019 Revision) by broadening the powers and duties of the country’s regulatory authorities over financial due diligence and governance, including the Financial Reporting Authority and the Anti-Money Laundering Steering Group.  The bill also lessens the burden for a person to be found guilty of “tipping off” wrongdoers that a report (similar to a Suspicious Activity Report) is made or is likely to be made, while providing a safe harbor for those who disclose information in pursuit of mandated legal disclosures.

Additionally, the bill would include the activities of a “virtual asset service” as a “relevant financial business”; entities that are relevant financial businesses under Cayman law have regulatory and reporting obligations.  The bill defines a “virtual asset” as a “digital representation of value that can be digitally traded or transferred, and can be used for payment or investment purposes.”

FinCEN and the FATF Warn of AML/CFT Deficiencies of the Democratic People’s Republic of Korea and Iran; Cambodia Is Added to FATF List

As part of a continued global effort to protect financial institutions and combat the financing of criminal activity, the Financial Crimes Enforcement Network (“FinCEN”) issued an advisory to inform financial institutions of updates to the Financial Action Task Force (the “FATF”) list of countries and jurisdictions with strategic anti-money laundering and combatting the financing of terrorism (“AML/CFT”) deficiencies.  The Democratic People’s Republic of Korea (“DPRK”) and Iran were specifically highlighted given that they are subject to a call for action, effectively meaning that these jurisdictions are blacklisted.  Additionally, Cambodia was added to the FATF list of jurisdictions with strategic AML/CFT deficiencies.

The FATF renewed its call for institutions engaging with DPRK to impose counter-measures to mitigate the major deficiencies in the country’s financial system.  The FATF issued a public statement explaining that serious threats are posed to the integrity of the international financial system by the DPRK’s continued failure to address significant deficiencies in its AML/CFT regime.  The FATF noted that it was particularly concerned about the financing and proliferation of weapons of mass destruction.  FinCEN encourages institutions engaged with the DPRK  to apply safeguards in dealings with the DPRK that are in accordance with United Nations Security Council resolutions, such as prohibiting financial institutions from establishing new joint ventures with DPRK banks without advance approval from the UN, expelling individuals acting on behalf of a financial institution of the DPRK, and prohibiting public and private financial support and trade with the DPRK.

The FATF noted that Iran has not adequately criminalized terrorist financing and other terrorism activity and is not identifying and freezing terrorist assets.  The FATF indicated that a customer due diligence regime is still not properly implemented in Iran’s financial sector.  The FATF noted several other areas needing improvement with regard to governance and deterrence focused on terrorist activity.

The EU’s Second Payment Services Directive Testing Period

As the testing period begins for the European Union’s Second Payment Services Directive (“PSD2”), commentators are concerned about how to phase the PSD2 into transactions with financial instructions in a practical way.  The PSD2 is intended to result in a legal framework that enables enhanced consumer protection, promotes innovation, and improves the security of payments services.  Such precepts may possibly seem to clash with the requirements of online data privacy law promulgated by the General Data Protection Regulation (“GDPR”).  The testing period is intended to provide policy makers with greater insight into proper governance and implementation of the PSD2, especially in compliance with the GDPR.